Abstract: I will discuss recent joint work with the University of Adelaide
on applying the Flush+Reload side channel to the OpenSSL implementation
of ECDSA. The attacks require side-channel analysis as well as
the lattice-based cryptanalysis of DSA nonces introduced by
Howgrave-Graham and Smart (later refined by Nguyen and Shparlinski).
Unlike previous attacks, which require almost as many signatures
as the number of bits in the underlying secret key, I will show
how the choice of "special" primes in the standardized elliptic
curves allows one to reduce this number by an order of magnitude.
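
As an added illustration of the lattice step the abstract refers to (example code written for this page, not code from the talk, the paper or OpenSSL): the hidden number problem formulation of Howgrave-Graham and Smart, in the Nguyen and Shparlinski lattice, run on a toy instance. Everything it assumes is mine: a 19-bit group order Q, a side channel that simply hands the attacker the top LEAK_BITS bits of every nonce (the real Flush+Reload attack extracts different information from the scalar multiplication, which is not modelled here), an r derived from a hash of k in place of the x-coordinate of kG, and a small exact-arithmetic LLL. The names toy_sign, hnp_lattice, recover_private_key and run_attack are hypothetical.

```python
# Added example, not the talk's or OpenSSL's code.  Toy HNP attack on
# DSA-style nonces: each signature leaks the top bits of its nonce k,
# and LLL on the Nguyen-Shparlinski lattice recovers the private key x.
import hashlib
import random
from fractions import Fraction

Q = (1 << 19) - 1          # assumption: toy group order 2^19 - 1 (a Mersenne prime)
NBITS = Q.bit_length()     # 19


def hash_mod_q(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def toy_sign(x: int, msg: bytes, rng: random.Random):
    """s = k^-1 (h + r x) mod Q.  k is returned only so the caller can
    simulate the side-channel leak; a real signer never exposes it."""
    h = hash_mod_q(msg)
    while True:
        k = rng.randrange(1, Q)
        # Assumption: a hash of k stands in for the x-coordinate of kG.
        r = hash_mod_q(b"kG|" + k.to_bytes(4, "big"))
        if r == 0:
            continue
        s = pow(k, -1, Q) * (h + r * x) % Q
        if s != 0:
            return h, r, s, k


def _gram_schmidt(basis):
    """Exact Gram-Schmidt: returns (mu, squared norms of the b*_i)."""
    n = len(basis)
    mu = [[Fraction(0)] * n for _ in range(n)]
    bstar, norms = [], []
    for i in range(n):
        v = [Fraction(c) for c in basis[i]]
        for j in range(i):
            mu[i][j] = sum(a * b for a, b in zip(basis[i], bstar[j])) / norms[j]
            v = [a - mu[i][j] * b for a, b in zip(v, bstar[j])]
        bstar.append(v)
        norms.append(sum(c * c for c in v))
    return mu, norms


def lll_reduce(basis, delta=Fraction(99, 100)):
    """Textbook LLL over the integers; exact arithmetic, fine for dimension ~10."""
    b = [list(row) for row in basis]
    n = len(b)
    mu, norms = _gram_schmidt(b)
    k = 1
    while k < n:
        for j in range(k - 1, -1, -1):          # size-reduce b_k against b_j
            r = round(mu[k][j])
            if r:
                b[k] = [a - r * c for a, c in zip(b[k], b[j])]
                for l in range(j):
                    mu[k][l] -= r * mu[j][l]
                mu[k][j] -= r
        if norms[k] >= (delta - mu[k][k - 1] ** 2) * norms[k - 1]:  # Lovasz test
            k += 1
        else:
            b[k], b[k - 1] = b[k - 1], b[k]
            mu, norms = _gram_schmidt(b)
            k = max(k - 1, 1)
    return b


def hnp_lattice(q, t, u, bound):
    """Rows: q^2 e_i, (q t_1..q t_m, bound, 0), (q u_1..q u_m, 0, q*bound).
    x*T - U + sum c_i q^2 e_i = (q b_1..q b_m, x*bound, -q*bound) with
    |b_i| <= bound is far shorter than a generic lattice vector."""
    m = len(t)
    rows = [[q * q if c == i else 0 for c in range(m + 2)] for i in range(m)]
    rows.append([q * ti for ti in t] + [bound, 0])
    rows.append([q * ui for ui in u] + [0, q * bound])
    return rows


def recover_private_key(q, sigs, leak_bits):
    """sigs: (h, r, s, top) with top = k >> (NBITS - leak_bits), the leaked
    bits.  Returns x, or None if no reduced row passes verification."""
    unknown = NBITS - leak_bits
    bound = 1 << (unknown - 1)           # centre the unknown part: |k - a| <= bound
    t, u = [], []
    for h, r, s, top in sigs:
        s_inv = pow(s, -1, q)
        a = (top << unknown) + bound     # known part of k, shifted to the centre
        t.append(r * s_inv % q)          # k = t*x + h*s^-1 (mod q), hence
        u.append((a - h * s_inv) % q)    # t*x - u = k - a (mod q) is small
    m = len(sigs)
    for row in lll_reduce(hnp_lattice(q, t, u, bound)):
        if abs(row[m + 1]) != q * bound or row[m] % bound:
            continue
        x = row[m] // bound
        if row[m + 1] > 0:               # row is -(target): undo the sign
            x = -x
        x %= q
        # Check the candidate against the leak itself (an attacker would
        # equally check it against the public key).
        if all(((h + r * x) * pow(s, -1, q) % q) >> unknown == top
               for h, r, s, top in sigs):
            return x
    return None


def run_attack(seed=1, leak_bits=10, num_sigs=8):
    """Generate a key, sign, leak the top bits of each nonce, recover the key."""
    rng = random.Random(seed)
    x = rng.randrange(1, Q)
    sigs = []
    for i in range(num_sigs):
        h, r, s, k = toy_sign(x, b"message %d" % i, rng)
        sigs.append((h, r, s, k >> (NBITS - leak_bits)))   # simulated leak
    return x, recover_private_key(Q, sigs, leak_bits)


if __name__ == "__main__":
    secret, found = run_attack()
    print("secret key:", secret, "recovered:", found)
```

The signature count is the knob the abstract is about: with leak_bits known bits per nonce the lattice needs somewhat more than NBITS / leak_bits signatures before the target vector becomes the shortest one, and lowering leak_bits in run_attack without raising num_sigs makes recover_private_key start returning None. The order-of-magnitude reduction the abstract describes comes from the structure of the standardized curves and is not reproduced by this toy.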